[CentOS] pop3 attack

Tue Dec 9 21:15:25 UTC 2008
Scott Silva <ssilva at sgvwater.com>

on 12-9-2008 12:17 PM James Pifer spake the following:
> I was looking at my maillog and it looks like someone is trying to get
> into my pop3 server. 
> 
> Dec  9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
> Dec  9 15:29:08 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
> Dec  9 15:29:14 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
> Dec  9 15:29:18 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
> Dec  9 15:29:36 mailserver dovecot: pop3-login: Aborted login: user=<alfred>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
> 
> How worried should I be about this? Any suggestions for dealing with
> it?
> 
> Thanks,
> James
You can run something like fail2ban and write a rule to catch this. That way a
couple of failures get the IP address dropped into a firewall rule.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
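
Added example, not part of the original thread or of fail2ban itself: a sketch of the matching logic such a rule needs, run over the log lines quoted above. The names maxretry and findtime mirror fail2ban's jail settings; the values 3 and 10 minutes, the year 2008 and the function name offenders are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: the five log lines quoted in the post.
SAMPLE_LOG = [
    "Dec  9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2",
    "Dec  9 15:29:08 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2",
    "Dec  9 15:29:14 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2",
    "Dec  9 15:29:18 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2",
    "Dec  9 15:29:36 mailserver dovecot: pop3-login: Aborted login: user=<alfred>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2",
]

# The user= field is supplied by the client, so take the LAST rip= on the
# line (greedy .*, anchored on the trailing lip=) rather than the first one.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: pop3-login: "
    r"Aborted login: user=<.*\brip=(?P<rip>[0-9A-Fa-f:.]+), lip=[0-9A-Fa-f:.]+\s*$"
)


def offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2008):
    """Return {ip: failures} for IPs with >= maxretry aborted logins in findtime."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["rip"])
        except ValueError:
            continue  # not a valid address: never hand it to a firewall rule
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # ::ffff:a.b.c.d -> a.b.c.d
        # syslog timestamps carry no year, so one has to be assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            flagged[str(ip)] = max(flagged.get(str(ip), 0), len(window))
    return flagged


if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```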
